UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Solaris 11 X86 Security Technical Implementation Guide


Overview

Date Finding Count (85)
2017-07-28 CAT I (High): 11 CAT II (Med): 57 CAT III (Low): 17
STIG Description
Developed by Oracle in coordination with DISA for the DoD. The Solaris 11 (X86) Security Technical Implementation Guide (STIG) is published as a tool to improve the security of Department of Defense (DoD) information systems. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.mil.

Available Profiles



Findings (MAC II - Mission Support Sensitive)

Finding ID Severity Title
V-48107 High Login must not be permitted with empty/null passwords for SSH.
V-47915 High The telnet service daemon must not be installed unless required.
V-47911 High The FTP daemon must not be installed unless required.
V-47913 High The TFTP service daemon must not be installed unless required.
V-48121 High The system must not allow autologin capabilities from the GNOME desktop.
V-48119 High There must be no user .rhosts files.
V-47905 High The NIS package must not be installed.
V-47845 High The operating system must alert designated organizational officials in the event of an audit processing failure.
V-47843 High The audit system must alert the System Administrator (SA) if there is any type of audit failure.
V-48143 High The operating system must not allow logins for users with blank passwords.
V-48027 High The operating system must be a supported release.
V-47785 Medium The audit system records must be able to be used by a report generation capability.
V-47787 Medium The operating system must provide the capability to automatically process audit records for events of interest based upon selectable, event criteria.
V-47999 Medium The system must not have accounts configured with blank or null passwords.
V-47783 Medium The audit system must support an audit reduction capability.
V-59827 Medium All run control scripts must have mode 0755 or less permissive.
V-47997 Medium The operating system must implement transaction recovery for transaction-based systems.
V-48089 Medium The nobody access for RPC encryption key storage service must be disabled.
V-47991 Medium The system must require passwords to contain at least one special character.
V-47789 Medium The audit records must provide data for all auditable events defined at the organizational level for the organization-defined information system components.
V-47835 Medium The audit system must alert the SA when the audit storage volume approaches its capacity.
V-48087 Medium Login services for serial ports must be disabled.
V-47781 Medium The audit system must produce records containing sufficient information to establish the identity of any user/subject associated with the event.
V-47939 Medium The operating system must disable information system functionality that provides the capability for automatic execution of code on mobile devices without user direction.
V-47971 Medium The system must require passwords to contain at least one uppercase alphabetic character.
V-48077 Medium Reserved UIDs 0-99 must only be used by system accounts.
V-48133 Medium Permissions on user home directories must be 750 or less permissive.
V-48055 Medium The system must restrict the ability of users to assume excessive privileges to members of a defined group and prevent unauthorized users from accessing administrative tools.
V-48057 Medium The operating system must require individuals to be authenticated with an individual authenticator prior to using a group authenticator.
V-48123 Medium Permissions on user .netrc files must be 750 or less permissive.
V-48053 Medium The system must prevent the use of dictionary words for passwords.
V-48139 Medium The operating system session lock mechanism, when activated on a device with a display screen, must place a publicly viewable pattern onto the associated display, hiding what was previously visible on the screen.
V-47797 Medium Audit records must include when (date and time) the events occurred.
V-47795 Medium Audit records must include what type of events occurred.
V-47989 Medium The system must require passwords to contain at least one numeric character.
V-47793 Medium The operating system must support the capability to compile audit records from multiple components within the system into a system-wide (logical or physical) audit trail that is time-correlated to within organization-defined level of tolerance.
V-47791 Medium The operating system must generate audit records for the selected list of auditable events as defined in DoD list of events.
V-59839 Medium All system start-up files must be owned by root.
V-48115 Medium Groups assigned to users must exist in the /etc/group file.
V-48035 Medium The root account must be the only account with GID of 0.
V-47981 Medium The operating system must enforce password complexity requiring that at least one lowercase character is used.
V-48245 Medium The system must disable accounts after three consecutive unsuccessful login attempts.
V-48103 Medium Direct root account login must not be permitted for SSH access.
V-59831 Medium Run control scripts executable search paths must contain only authorized paths.
V-48195 Medium The operating system must terminate all sessions and network connections when non-local maintenance is completed.
V-48093 Medium X11 forwarding for SSH must be disabled.
V-47901 Medium The legacy remote network access utilities daemons must not be installed.
V-47799 Medium Audit records must include where the events occurred.
V-48127 Medium Logins to the root account must be restricted to the system console only.
V-59841 Medium All system start-up files must be group-owned by root, sys, or bin.
V-48113 Medium Host-based authentication for login-based services must be disabled.
V-47961 Medium Users must not reuse the last 5 passwords.
V-48101 Medium The rhost-based authentication for SSH must be disabled.
V-47967 Medium The system must require at least eight characters be changed between the old and new passwords during a password change.
V-47957 Medium User passwords must be at least 15 characters in length.
V-47803 Medium Audit records must include the outcome (success or failure) of the events that occurred.
V-47921 Medium The VNC server package must not be installed unless required.
V-47801 Medium Audit records must include the sources of the events that occurred.
V-49635 Medium The operating system must monitor for unauthorized connections of mobile devices to organizational information systems.
V-61005 Medium All .Xauthority files must have mode 0600 or less permissive.
V-48061 Medium The default umask for system and users must be 077.
V-48117 Medium The use of FTP must be restricted.
V-48065 Medium The system must not allow users to configure .forward files.
V-48067 Medium User .netrc files must not exist.
V-48043 Medium The delay between login prompts following a failed login attempt must be at least 4 seconds.
V-48243 Medium Systems must employ cryptographic hashes for passwords using the SHA-2 family of algorithms or FIPS 140-2 approved successors.
V-48047 Medium Graphical desktop environments provided by the system must automatically lock after 15 minutes of inactivity.
V-48045 Medium The system must require users to re-authenticate to unlock a graphical desktop environment.
V-47895 Low The limitpriv zone option must be set to the vendor default or less permissive.
V-48109 Low Users must have a valid home directory assignment.
V-47993 Low The system must require passwords to contain no more than three consecutive repeating characters.
V-47917 Low The UUCP service daemon must not be installed unless required.
V-47893 Low The finger daemon package must not be installed.
V-47909 Low The pidgin IM client package must not be installed.
V-47897 Low The /etc/zones directory, and its contents, must have the vendor default owner, group, and permissions.
V-48071 Low The default umask for FTP users must be 077.
V-48131 Low The operating system, upon successful logon, must display to the user the date and time of the last logon (access).
V-48205 Low The operating system must display the DoD approved system use notification message or banner for SSH connections.
V-48203 Low The GNOME service must display the DoD approved system use notification message or banner before granting access to the system.
V-48033 Low The operating system must reveal error messages only to authorized personnel.
V-48111 Low The operating system must terminate the network connection associated with a communications session at the end of the session or after 10 minutes of inactivity.
V-48099 Low Consecutive login attempts for SSH must be limited to 3.
V-48199 Low The FTP service must display the DoD approved system use notification message or banner before granting access to the system.
V-48001 Low The system must require authentication before allowing modification of the boot devices or menus. Secure the GRUB Menu (Intel).
V-48209 Low The operating system must display the DoD approved system use notification message or banner before granting access to the system for general system logons.